Closed Bug 557904 Opened 14 years ago Closed 14 years ago

Add "Microsec e-Szigno Root CA 2009" root certificate to NSS

Categories

(NSS :: CA Certificates Code, task, P2)

Tracking

(Not tracked)

RESOLVED FIXED
3.12.8

People

(Reporter: kwilson, Assigned: KaiE)

References

Details

Attachments

(1 file, 1 obsolete file)

1.01 KB, application/octet-stream
Details
Attached file Microsec Root Cert (obsolete) —
This bug requests inclusion in the NSS root certificate store of the following
certificate, owned by Microsec.

Friendly name: Microsec e-Szigno Root CA 2009

Certificate location:
http://www.e-szigno.hu/rootca2009.crt

SHA1 Fingerprint: a6:5c:b4:73:3d:94:a5:c8:65:a8:64:64:7c:2c:01:27:2c:89:b1:43

Trust flags: Websites, Email, Code Signing

Test URL: https://pca.e-szigno.hu/

This CA has been assessed in accordance with the Mozilla project guidelines,
and the certificate approved for inclusion in bug #510506.

The next steps are as follows:

1) A representative of the CA must confirm that all the data in this bug is
correct, and that the correct certificate(s) have been attached. They must also
specify what OS they would like to use to perform the verification below.

2) A Mozilla representative creates a test build of NSS with the new
certificate(s), and attaches nssckbi.dll to this bug. A representative of the
CA must download this, drop it into a copy of Firefox and/or Thunderbird on the
OS in question and confirm (by adding a comment here) that the certificate(s)
have been correctly imported and that websites work correctly.

3) The Mozilla representative checks the certificate(s) into the NSS store, and
marks the bug RESOLVED FIXED.

4) At some time after that, various Mozilla products will move to using a
version of NSS which contains the certificate. This process is mostly under the
control of the release drivers for those products.
István, Please see step #1 above.
(In reply to comment #0)
> Friendly name: Microsec e-Szigno Root CA 2009
> 
> Certificate location:
> http://www.e-szigno.hu/rootca2009.crt
> 
> SHA1 Fingerprint: a6:5c:b4:73:3d:94:a5:c8:65:a8:64:64:7c:2c:01:27:2c:89:b1:43
> 
> Trust flags: Websites, Email, Code Signing
> 
> Test URL: https://pca.e-szigno.hu/

I confirm that the above information is correct.

István
Thanks for confirming that the data in this bug is correct.

Root inclusions/updates are usually grouped and done as a batch when there is
either a large enough set of changes or about every 3 months.

At some point in the next 3 months a test build will be provided and this bug
will be updated to request that you test it. Since you are cc'd on this bug,
you will get notification via email when that happens.
Kai, Please hold off on this request until further notice. We need to evaluate a potential change in the root certificate.

I will post another update in this bug when this has been resolved.
What happened here?
Nothing of alarm. The CA noticed a potential issue while testing with EV. The current request is not to enable EV, but they do intend to do so in the future. The CA will provide information in bug #510506 soon.
Thanks, perhaps I can help with the issue?
Yes, I suspect so. I have asked the CA to post their findings and proposed solution in bug #510506. It may result in information that would be useful to be shared and added to recommended/problematic wiki pages if appropriate.
Istvan, Kathleen, feel free to email me.
Attached file Microsec Root Cert
Updated the attached root certificate.
Attachment #437659 - Attachment is obsolete: true
The root certificate has been updated, and the changes have been reviewed, discussed, and approved. For details, see bug #510506.

Here is the information for the new root certificate.

Friendly name: Microsec e-Szigno Root CA 2009

Certificate location: http://www.e-szigno.hu/rootca2009_02.crt

SHA1 Fingerprint: 89:DF:74:FE:5C:F4:0F:4A:80:F9:E3:37:7D:54:DA:91:E1:01:31:8E

Trust flags: Websites, Email, Code Signing

Test URL: https://pca.e-szigno.hu/


István, Please confirm that this data is correct, and that the correct certificate has been attached.
(In reply to comment #11)
> The root certificate has been updated, and the changes have been reviewed,
> discussed, and approved. For details, see bug #510506.
> 
> Here is the information for the new root certificate.
> 
> Friendly name: Microsec e-Szigno Root CA 2009
> 
> Certificate location: http://www.e-szigno.hu/rootca2009_02.crt
> 
> SHA1 Fingerprint: 89:DF:74:FE:5C:F4:0F:4A:80:F9:E3:37:7D:54:DA:91:E1:01:31:8E
> 
> Trust flags: Websites, Email, Code Signing
> 
> Test URL: https://pca.e-szigno.hu/
> 
> 
> István, Please confirm that this data is correct, and that the correct
> certificate has been attached.

Yes, I confirm that the data is correct and the correct certificate is attached.

Thank you very much for your help, and I am sorry for this complication.
Thanks István.

Kai, this request is ready for when you do the next round of root inclusions/updates. Please use the data from Comment #11 and the attached cert. Thanks.
Depends on: 582575
Current test builds (Mozilla experimental) for various platforms can be found
at
http://ftp.mozilla.org/pub/mozilla.org/firefox/tryserver-builds/kaie@kuix.de-92eacf382419/

Please note the builds at above location will be automatically deleted after
two weeks, so please make copies if you need them.

Please test and confirm that your roots have been added correctly, with the
correct trust flags (use certificate manager, find your cert, click "view" to
see the trust flags).
(In reply to comment #14)
> Please test and confirm that your roots have been added correctly, with the
> correct trust flags (use certificate manager, find your cert, click "view" to
> see the trust flags).

Yes, I confirm that the root has been added correctly.
fixed with bug 582575
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.12.8
Priority: -- → P2
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: